[OpenIndiana-discuss] Amnesiac LDAP Configuration
chrisridd at mac.com
Thu Nov 18 06:55:51 UTC 2010
On 18 Nov 2010, at 02:41, Patrick O'Sullivan wrote:
> I've gotten a config working where I have Kerberos auth to AD and
> passwd lookups via LDAP to AD. I enable it, and it works fine, but on
> a reboot, it stops working. Please let me know if you have any
> thoughts as to why this happens. (This behavior is common to both
> oi147 and Solaris 11 Express.)
> Configuring ldapclient:
> $ sudo ldapclient -v manual -a credentialLevel=self -a
> authenticationMethod=sasl/gssapi -a defaultSearchBase=dc=osulvn,dc=net
> -a domainName=osulvn.net -a defaultServerList=ad1.osulvn.net -a
> attributeMap=passwd:gecos=cn -a
> attributeMap=passwd:homedirectory=unixHomeDirectory -a
> objectClassMap=group:posixGroup=group -a
> objectClassMap=passwd:posixAccount=user -a
> objectClassMap=shadow:shadowAccount=user -a
> serviceSearchDescriptor=passwd:cn=users,dc=osulvn,dc=net?one -a
> System successfully configured
> $ getent passwd userfoo
> userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash
> At this point I can login as userfoo with GSSAPI auth over ssh or with
> a password on the console.
> After I reboot, I can no longer login as userfoo and 'getent' returns nothing.
Yes, I'm seeing the same. At the point it has lost its mojo (:-) what's in the /var/ldap/ldap_client_file and is your nsswitch.conf what it should be or has something changed them?
FWIW just re-running the ldapclient command (with flags) fixes things. I have a shell script that calls it with all our local values in, which makes things a little easier.
More information about the OpenIndiana-discuss